Open jiasli opened 2 months ago
We would need to investigate how, and what kind of extra dependency it would bring (pywin32?).
FWIW, the managed identity support is coming. And I believe the path forward would be to stay away from secret and even cert, and use federated by managed identity instead. See the last paragraph of the client_credential parameter for details.
MSAL client type
Confidential
Problem Statement
Currently, authenticating a service principal with a certificate only supports a plain-text certificate string as private_key: https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/52b1fc5a442ff5dd33f48ce717f1032c8002ea9e/msal/application.py#L213-L224
Proposed solution
It would be helpful to allow reading the certificate from the Windows certificate store.